A connector to send arbitrary log sources to remote/local Humio instance.
- Download all files in a new folder on a linux node
- install.sh will install the tool with required configs
- Verify if logshipper service is running : systemctl status logshipper
- Stop the service, if its already running : systemctl stop logshipper
- Update the logshipper.service file in case using logshipper.py instead of logshipper executable
- Update logshipper.conf
- Stop and start the logshipper service : systemctl stop logshipper; systemctl start logshipper
- Check logshipper.log for more info
- loshipper service will not start unless there is one valid stanza in config file Check Humio marketplace to download respective packages
(Check Humio marketplace to download respective packages)
- CrowdStrike FDR
- CrowdStrike SIEM Connector
- Syslog
- it supports both JSON and standard syslog format
- it will add hostname and source file name to each event
- use parseJson() to parse the json fields and then use suitable syslog parser as each event will be ingested as json event
- AWS CloudTrail
- Amazon GuardDuty
- GCP Audit Logs